Tutorial: how to block non-admin direct access to jetpack
-
The current version of the plugin (1.1) will remove visual indication of the existence of Jetpack, but not capabilities. So a subscriber may get to the JP page by entering:
/admin.php?page=jetpackin the url.To block this, simply edit the plugin’s single php file, and add at the end the following code:
`
function jp_forbidden_pages() {
if( class_exists( ‘Jetpack’ ) && !current_user_can( ‘manage_options’ ) ) {
$forbidden_pages = array(‘jetpack’, ‘omnisearch’, ‘stats’);if ( isset($_GET[‘page’]) ) {
$page = preg_replace( ‘/[^0-9a-zA-Z_-]/’, ”, $_GET[‘page’] );
if ( in_array($page, $forbidden_pages) )
wp_die(__(‘You do not have sufficient permissions to access this page.’));
}
}
}
add_action( ‘admin_init’, ‘jp_forbidden_pages’ );
`This will send non-admins to the default wp “access denied” page, if they enter the following jetpack submenus:
/admin.php?page=jetpack
/admin.php?page=omnisearch
/admin.php?page=statshttps://www.ads-software.com/plugins/jetpack-only-for-admins/
- The topic ‘Tutorial: how to block non-admin direct access to jetpack’ is closed to new replies.
